The RSA privacy policy (data protection)

The Privacy Policy employed by RSA Consulting Ltd (RSA) has been developed as an extension of our commitment to combine the finest quality services with the highest level of integrity in dealing with our clients, candidates, suppliers, associates and staff. The Policy guides how we collect, store and use information about individuals and organisations. It will be continuously assessed against new technologies, business practices and the changing needs of everyone we deal with.

Our Data Protection Policy recognises two kinds of personal data that deserve different levels of protection:

• Personally-Identifiable Information includes, for example, e-mail addresses, billing information, employment status and 'click stream' data that tracks visitor activity on a Web site or online service.
• A subset of that category, Sensitive Data, deserves additional safeguards. Sensitive Data includes, by way of example, Clients' confidential data, individuals' home telephone numbers, Bank Account, Income Tax and National Insurance numbers, interview notes, CV's, etc. If your relationship with us includes providing RSA with Sensitive Data, we will protect that information with extra care. We will not distribute Sensitive Data outside of RSA, if you so request, and will give you the chance to opt out of sharing this information within our own organisation.

RSA collect Personally-Identifiable Information and Sensitive Data only when there is a legitimate business need to do so.

Our Policy provides the following:

• Notice: We will inform you about why we are collecting Personally-Identifiable Information and how we intend to use it. We need to collect and store your name, address, and other basic Personally-Identifiable Information, for example, to provide you with the service you requested, as well as for billing purposes. This information also enables us to develop and customise services better to meet your needs and preferences and to bring to your attention job etc. opportunities from RSA and occasionally other sources that may be of interest to you.
• Opt Out: From time to time, we are approached by companies and organisations that have a product or service that we believe may be of interest to you. We may share your Personally-Identifiable Information with these companies in an effort to help you find these resources. We will, however, always gain your permission before disclosing Personally-Identifiable Information to third parties that are not affiliated to RSA.
• Security: We will maintain appropriate safeguards to ensure the security, integrity and privacy of your Personally-Identifiable Information.
• Review and Correction: We are continuing to enhance our procedures to enable you to review and correct, upon request, the Personally-Identifiable Information we collect from you. Currently, we need you to make such a request in a manner that can be verified.
• Registration: RSA is registered with the Office of the Information Commissioner (formerly the Data Protection Commissioner) www.dataprotection.gov.uk, number Z5582962. This grants RSA the right to store and process personal data on individuals for commercial use within the EU and other selected countries such as Switzerland and the Nordic countries that have also subscribed to the EU controls on data use.

RSA will not sell personal data in any form, including mailing lists. All its data are for internal use only: clients only discover candidates' identity when they give permission. From time to time RSA conducts surveys on market trends, pay levels etc. Individual responses are never published or revealed - only summarised data are released.

RSA will continue to oversee implementation of and compliance with our Policy and will adapt the Policy to reflect changes in technology and the expectations of everyone we deal with. To ensure that we are following our stated Policy, we also conduct periodic and random audits of our Web sites and other systems.

The Data Protection Policy employed by RSA Consulting Ltd (RSA) has been developed as an extension of our commitment to combine the finest quality services with the highest level of integrity in dealing with our clients, candidates, suppliers, associates and staff. The Policy guides how we collect, store and use information about individuals and organisations. It will be continuously assessed against new technologies, business practices and the changing needs of everyone we deal with.

Our Data Protection Policy recognises two kinds of personal data that deserve different levels of protection:

• Personally-Identifiable Information includes, for example, e-mail addresses, billing information, employment status and 'click stream' data that tracks visitor activity on a Web site or online service.
• A subset of that category, Sensitive Data, deserves additional safeguards. Sensitive Data includes, by way of example, Clients' confidential data, individuals' home telephone numbers, Bank Account, Income Tax and National Insurance numbers, interview notes, CV's, etc. If your relationship with us includes providing RSA with Sensitive Data, we will protect that information with extra care. We will not distribute Sensitive Data outside of RSA, if you so request, and will give you the chance to opt out of sharing this information within our own organisation.

RSA collect Personally-Identifiable Information and Sensitive Data only when there is a legitimate business need to do so.

Our Policy provides the following:

• Notice: We will inform you about why we are collecting Personally-Identifiable Information and how we intend to use it. We need to collect and store your name, address, and other basic Personally-Identifiable Information, for example, to provide you with the service you requested, as well as for billing purposes. This information also enables us to develop and customise services better to meet your needs and preferences and to bring to your attention job etc. opportunities from RSA and occasionally other sources that may be of interest to you.
• Opt Out: From time to time, we are approached by companies and organisations that have a product or service that we believe may be of interest to you. We may share your Personally-Identifiable Information with these companies in an effort to help you find these resources. We will, however, always gain your permission before disclosing Personally-Identifiable Information to third parties that are not affiliated to RSA.
• Security: We will maintain appropriate safeguards to ensure the security, integrity and privacy of your Personally-Identifiable Information.
• Review and Correction: We are continuing to enhance our procedures to enable you to review and correct, upon request, the Personally-Identifiable Information we collect from you. Currently, we need you to make such a request in a manner that can be verified.
• Registration: RSA is registered with the Office of the Information Commissioner (formerly the Data Protection Commissioner) www.dataprotection.gov.uk, number Z5582962. This grants RSA the right to store and process personal data on individuals for commercial use within the EU and other selected countries such as Switzerland and the Nordic countries that have also subscribed to the EU controls on data use.

RSA will not sell personal data in any form, including mailing lists. All its data are for internal use only: clients only discover candidates' identity when they give permission. From time to time RSA conducts surveys on market trends, pay levels etc. Individual responses are never published or revealed - only summarised data are released.

RSA will continue to oversee implementation of and compliance with our Policy and will adapt the Policy to reflect changes in technology and the expectations of everyone we deal with. To ensure that we are following our stated Policy, we also conduct periodic and random audits of our Web sites and other systems.

The RSA Data Protection Policy has been developed out of respect for the privacy preferences and choices of our candidates, suppliers customers, associates and staff. We have established procedures to ensure that every reasonable effort is made to address your concerns. If you have any questions or comments on RSA and its data protection policy please contact one of our Directors. If you have a complaint about our handling of data, you have the right to involve the Information Commissioner - but please inform us first, preferably by e-mail to , so that we may have the opportunity to address any issues directly with you.